by Georgia Nola
Simple site hosting with Amazon S3 and HTTPS
Hiya folks!
In this tutorial I’ll show you how to host a static website with HTTPS on AWS with a custom domain. All this is possible using AWS free tier.
However, the services we are going to use do incur some small charges. Generally speaking these shouldn’t exceed $1/month.
We’ll be using a combination of the following AWS services:
- S3
- Route53
- Certificate Manager
- CloudFront
Let’s get into it!
Set up your S3 buckets
First, you’ll need two S3 buckets. Both should be named after your custom domain, with the second including the www subdomain.
Bucket 1: mywebsite.com
Bucket 2: www.mywebsite.com
The first bucket (mywebsite.com) is the main bucket for your site. This contains all your files and assets for your static website.
Next we set up this bucket for static site hosting. You can find this under the Properties tab of the bucket, and we’re going to keep the defaults provided here with the index of the site set to index.html.
We also need to make this bucket publicly accessible as a user’s browser will need to access the bucket’s files in order to render the website. We can do this by setting a Bucket Policy under the Permissions tab.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "MY_BUCKET_ARN/*"
    }
  ]
}
This is a simple policy that allows only public read access to objects in the bucket. Replace MY_BUCKET_ARN with the ARN of your bucket; the /* suffix is needed because s3:GetObject applies to the objects in a bucket rather than to the bucket itself. Now, if you head to the endpoint defined in the static hosting config of the bucket, you should see your website.
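A check that a bucket policy stays as narrow as the one above, written as an added example (not code from the original tutorial): it flags any public Allow statement that grants more than s3:GetObject or that targets the bucket rather than its objects. The function names and the example-bucket ARN are assumptions made for the illustration.

```python
import json

READ_ONLY = {"s3:getobject"}  # the only action the tutorial grants to everyone

def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True when the Principal element covers anonymous callers."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def audit_public_policy(policy_json):
    """List the ways public Allow statements go beyond reading objects."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction with a public principal")
        for action in as_list(stmt.get("Action", [])):
            if action.lower() not in READ_ONLY:
                findings.append(f"{sid}: public principal granted {action}")
        for resource in as_list(stmt.get("Resource", [])):
            # Object ARNs have a key part after the bucket name: ...:::bucket/key
            if "/" not in resource.split(":::", 1)[-1]:
                findings.append(f"{sid}: {resource} is not an object ARN")
    return findings

# Constructed sample policies; "example-bucket" is a placeholder name.
TUTORIAL_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}"""

TOO_BROAD_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicAll", "Effect": "Allow", "Principal": {"AWS": "*"},
  "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
  "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}"""

if __name__ == "__main__":
    for name, doc in (("tutorial", TUTORIAL_POLICY), ("too broad", TOO_BROAD_POLICY)):
        print(name, audit_public_policy(doc) or "OK")
```

An empty result means the only thing anonymous callers can do is read objects, which is all a static site needs.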
Progress! But we can do better than that.
The second bucket (www.mywebsite.com) we will leave empty but configure to redirect to our first bucket using HTTP as the protocol (we’ll make it HTTPS later).
Your buckets are now ready to go!
Configure Domains with Route53
So your website is up and running but only accessible via the bucket endpoint and not your custom domain. Let’s change that.
Head to Route53. If you’ve registered your domain with the Amazon Registrar you should see that a hosted zone has been set up for you with two record sets: one for Name Server (NS) and one for SOA.
All we need to do is to create two more record sets to point to the S3 bucket endpoints.
For each record set:
- Type: A — IPv4 address
- Alias: Yes
- Alias Target: the S3 website endpoint that matches what you set for Name.
Now we can head to the custom url…and voilà!
We’re almost there, but there’s one last thing we’re missing…
Note: If your domain is registered with another domain registrar (not Amazon) you’ll need to follow some different steps to set this up. Usually you’ll need to add a CNAME record with the main S3 bucket’s endpoint as its value.
Troubleshooting: If you deleted the hosted zone Amazon created when you first registered the domain (I’ve done this because hosted zones do incur some charges), you’ll need to create a new hosted zone from scratch.
- Select “Create Hosted Zone” and set the domain name, for example “mywebsite.com”.
- This will generate some new record sets for types NS and SOA.
- Go into your registered domain and update the Name Servers values to those generated in the new NS record set.
Requesting a Certificate
Awesome, the site is now hosted using the custom url! However, we can only access it via the HTTP protocol. We should always ensure our sites are secured using HTTPS. This protects our site and users from malicious injection attacks on traffic in transit and lets visitors’ browsers verify the site’s authenticity.
Head to Certificate Manager in AWS Console and request a new public certificate (this is free). You’ll be prompted to enter the domain names you wish to secure.
Before the certificate can be issued, Amazon needs to be able to verify that you own the specified domains.
You can choose from two verification methods: Email or DNS.
Email is generally simpler, but you’ll need to ensure you can access the email used to register the domain. Alternatively, if you used Amazon Registrar and Route53, you can select the DNS method. This requires you to add some specific record sets to the hosted zone, but this is mostly automated for you so it’s quite simple.
It can take a few minutes for the certificate to be issued after validation. When it’s all done we can continue to the final step!
Configuring CloudFront
For the final step we are going to use CloudFront which allows us to use the new SSL certificate to serve the website with HTTPS. CloudFront also speeds up the distribution of web content by storing it at multiple edge locations and delivering from the closest edge location to a user.
We need two new web distributions, one for each S3 bucket. Head to CloudFront in the AWS Console and create the first web distribution. There are lots of settings available to create a web distribution, but for the basics we only need to change five:
Origin Domain Name: Set this to the S3 website endpoint for one of the buckets. Important: This field will give you some auto-complete options with your S3 bucket names. However, using these can cause issues with redirecting to the bucket endpoint. So instead use the bucket endpoint directly.
Origin Id: This is populated for you when you enter Origin Domain Name.
Viewer Protocol Policy: Set to “Redirect HTTP to HTTPS”.
Alternate Domain Names: This should match the name of the S3 bucket you’re pointing to. For example “mywebsite.com”.
SSL Certificate: Select “Custom SSL Certificate” and select your new certificate from the dropdown.
Do this again for the second S3 bucket.
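The five settings above can be checked against the JSON that the AWS CLI command "aws cloudfront get-distribution-config" returns under DistributionConfig. This is an added example, not code from the original tutorial; the sample configurations, account id and certificate id are constructed, and the us-east-1 test reflects CloudFront's requirement, not stated in the tutorial, that ACM certificates used with it be issued in that region.

```python
import re

# S3 website endpoints contain "s3-website" followed by "-" or "." and the
# region; the auto-completed REST endpoint (<bucket>.s3.amazonaws.com) does not.
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")

def check_distribution(config, site_name):
    """Compare a DistributionConfig dict with the five settings listed above."""
    problems = []
    for origin in config.get("Origins", {}).get("Items", []):
        domain = origin.get("DomainName", "")
        if not WEBSITE_ENDPOINT.search(domain):
            problems.append(f"origin {domain} is not an S3 website endpoint")
    policy = config.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy != "redirect-to-https":
        problems.append(f"viewer protocol policy is {policy}")
    if site_name not in config.get("Aliases", {}).get("Items", []):
        problems.append(f"{site_name} is not an alternate domain name")
    cert = config.get("ViewerCertificate", {})
    arn_parts = cert.get("ACMCertificateArn", "").split(":")
    if cert.get("CloudFrontDefaultCertificate") or len(arn_parts) < 6:
        problems.append("no custom ACM certificate attached")
    elif arn_parts[3] != "us-east-1":
        # CloudFront only accepts ACM certificates issued in us-east-1.
        problems.append(f"certificate is in {arn_parts[3]}, not us-east-1")
    return problems

# Constructed samples; the account id and certificate id are placeholders.
GOOD = {
    "Aliases": {"Quantity": 1, "Items": ["mywebsite.com"]},
    "Origins": {"Quantity": 1, "Items": [
        {"DomainName": "mywebsite.com.s3-website-us-east-1.amazonaws.com"}]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"},
}
MISCONFIGURED = {
    "Aliases": {"Quantity": 0},
    "Origins": {"Quantity": 1, "Items": [
        {"DomainName": "mywebsite.com.s3.amazonaws.com"}]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
}

if __name__ == "__main__":
    print(check_distribution(GOOD, "mywebsite.com") or "OK")
    print(check_distribution(MISCONFIGURED, "mywebsite.com"))
```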
The distributions can take a while to spin up, so while we wait, let’s do the finishing steps.
Back in S3, go to your secondary bucket (www.mywebsite.com). In the Properties tab, under Static Website Hosting, set the redirect protocol to HTTPS.
Finally, head back to Route53. We need to update the custom A records we created to now target the CloudFront distributions rather than the S3 buckets. For each record, change the Alias Target and select the CloudFront distribution available in the dropdown.
Note: Again, if you are using another DNS service you’ll need to go update the CNAME record from there to point to the CloudFront domain name.
And there you have it! Your beautiful website is now available at the custom domain and served with HTTPS!
Thanks for reading! I hope this guide was useful and enjoyable. I’d love to know if you found it helpful.
Translated from: https://www.freecodecamp.org/news/simple-site-hosting-with-amazon-s3-and-https-5e78017f482a/